<?php
session_start();
if(isset($_POST['username'])){
	$username = $_POST['username'];
	$password = $_POST['password'];
} else {
	$username = $_GET['username'];
	$password = $_GET['password'];
}

$link = mysql_connect("localhost", "root", "1234");
mysql_select_db("busticket", $link);
mysql_query("SET NAMES UTF8");
$query = "select * from member";
$result = mysql_query($query,$link);

while ($object = mysql_fetch_object($result)){
	if($object->username == $username){
		if($object->password == $password){
			$_SESSION['memberid'] = $object->id;
			$_SESSION['login'] = true;
			$_SESSION['name'] = $object->name;
			$_SESSION['lastname'] = $object->lastname;
			$_SESSION['email'] = $object->email;
			$_SESSION['idcard'] = $object->idcard;
			$_SESSION['username'] = $object->username;
			$_SESSION['password'] = $object->password;
			echo "$object->id";
			$nResult = mysql_query("select * from logticket where memberid = $object->id",$link);
			$profit = 0;
			while($object2 = mysql_fetch_object($nResult)){
				$profit += $object2->price;
			}
			$_SESSION['profit'] = $profit;
			echo "<script>location.href='../view/home.php'</script>";
		} else {
			echo "<script>location.href='../view/index.php?err'</script>";
		}
	} else {
		echo "<script>location.href='../view/index.php?err'</script>";
	}

}

mysql_close($link);
?>